
423 matches found

NVD
added 2026/01/18 11:15 p.m. | 11 views

CVE-2026-23733

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...

CVSS 6.4 | EPSS 0.00123
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/15 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002129 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

CVSS 7.8 | AI score 6.2 | EPSS 0.03725
Exploits: 0 | References: 10
SUSE Linux
added 2026/01/14 8:49 a.m. | 6 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR bsc1256340. MFSA 2026-03 CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebG...

CVSS 6.1 | AI score 7.4 | EPSS 0.0057
Exploits: 0 | References: 28
OSV
added 2026/01/13 2:16 p.m. | 7 views

CVE-2026-0882

Use-after-free in the IPC component. This vulnerability affects Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 6
OSV
added 2026/01/13 2:16 p.m. | 2 views

UBUNTU-CVE-2026-0882

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

CVSS 8.8 | AI score 7.3 | EPSS 0.00405
Exploits: 0 | References: 9
Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2644

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 Description A use-after-free issue exists in the IPC component. This can potentially lead to undesirable behavior. Recommendations Update...

CVSS 9.8 | AI score 6.6 | EPSS 0.09348
Exploits: 2 | References: 225
NVD
added 2026/01/12 4:16 p.m. | 7 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVSS 5.3 | EPSS 0.00197
Exploits: 0 | References: 2
EUVD
added 2026/01/12 12:0 a.m. | 5 views

EUVD-2026-1927

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

CVSS 5.3 | AI score 6.5 | EPSS 0.00197
Exploits: 0 | References: 3
CVE
added 2026/01/06 3:15 p.m. | 20 views

CVE-2025-14979

AirVPN Eddie on macOS is affected by CVE-2025-14979 due to an insecure XPC service that allows local, unprivileged users to escalate privileges to root. Affected version: Eddie 2.24.6. Documented impact is local privilege escalation with high confidentiality/integrity/availability implications. R...

CVSS 8.5 | AI score 6.8 | EPSS 0.00148
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2025/12/30 12:23 p.m. | 23 views

CVE-2023-54280 cifs: fix potential race when tree connecting ipc

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

EPSS 0.00167
Exploits: 0 | References: 3
UbuntuCve
added 2025/12/24 1:16 p.m. | 8 views

CVE-2022-50748

In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in initmqueuefs commit db7cfc380900 "ipc: Free mqsysctls if ipc namespace creation failed" Here's a similar memory leak to the one fixed by the patch above. retiremqsysctls need to be called...

AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/24 12:0 a.m. | 6 views

PT-2025-53033

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the ksmbd session rpc open function within the kernel's ksmbd component. When ksmbd rpc open fails, it does not properly call ksmbd rpc id free to release...

AI score 6.3 | EPSS 0.002
Exploits: 0 | References: 6
RedhatCVE
added 2025/12/17 12:55 a.m. | 9 views

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

CVSS 9.6 | AI score 6.9 | EPSS 0.00527
Exploits: 1 | References: 1
EUVD
added 2025/12/12 6:30 p.m. | 4 views

EUVD-2025-203099

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoNTFS: 1.3.2...

CVSS 8.4 | AI score 6.7 | EPSS 0.00192
Exploits: 1 | References: 3
CVE
added 2025/12/12 3:58 p.m. | 11 views

CVE-2025-13733

BuhoNTFS (v1.3.2) is affected by CVE-2025-13733 due to an insecure XPC service that enables local, unprivileged users to escalate to root via insecure functions. This conclusion is supported by multiple connected sources (NVD, Red Hat, EUVD, CIRCL, CVE lists, and vulnerability feeds) all describi...

CVSS 8.5 | AI score 6.8 | EPSS 0.00192
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2025/12/12 12:0 a.m. | 3 views

Dr.Buho BuhoNTFS security vulnerability

Dr.Buho BuhoNTFS is an NTFS driver from the Chinese company Dr.Buho. A security vulnerability exists in Dr.Buho BuhoNTFS version 1.3.2, which originates from an insecure XPC service and could result in local user privileges being elevated to root...

CVSS 8.5 | AI score 6.4 | EPSS 0.00192
Exploits: 1 | References: 3
CNNVD
added 2025/12/11 12:0 a.m. | 3 views

Google Pixel security vulnerability

Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from improper validation of the aocservicereadmessage input in aocipccore.c, which could lead to local elevation of privilege...

CVSS 7.8 | AI score 6.2 | EPSS 0.00091
Exploits: 0 | References: 1
Microsoft CVE
added 2025/12/08 9:1 a.m. | 6 views

tipc: Fix use-after-free in tipc_mon_reinit_self().

...

CVSS 7 | AI score 7 | EPSS 0.00199
Exploits: 0
Vulnrichment
added 2025/12/05 6:3 p.m. | 4 views

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9 | AI score 6.8 | EPSS 0.00445
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/04 7:22 p.m. | 5 views

CVE-2025-66222

DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer that allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...

CVSS 9.6 | AI score 5.6 | EPSS 0.00518
Exploits: 1 | References: 1